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DETAILED ACTION 

1 . This action is in response to the amendment filed on February 7, 2006. Claims 
1-24 are currently being considered. 

Response to Arguments 

2. The Applicant notes that the Cited Prior Art, Icken et al. (U.S. Patent No. 
6,816,906), was commonly assigned with the present application, and thus Icken is not 
available as prior art. This rejection has been withdrawn and a new rejection is 
presented below. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

3. Claims 1-24 are rejected under 35 U.S.C. 102(e) as being anticipated by Trabelsi 
(U.S. Patent Publication No. US 2001/0056494 A1). 
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Regarding claim 1, Trabelsi discloses: 

A method for extending and grouping actions and permissions for authorization 
of a requesting user to access or use a requested protected system resource in a 
computer system, said method comprising the steps of: 

providing an access control policy (paragraph 9) associated with said requested 
protected system resource, said access control policy containing a permission list of 
permitted identities (paragraphs 34, 37) for use of said protected system resource, and 
at least one action group tag and associated action indicators (paragraphs 37,43-44); 

reusing a finite quantity of action indicators among a plurality of action group tags 
to control a number of unique permissions less than or equal to the product of the 
quantity of allowable action indicators and a quantity of allowable action group tags 
(paragraphs 43-44), wherein a group of administrators (paragraphs 5, 34) and the 
permissions can be grouped into generic groups using special keywords using the 
alphabetic characters which provide rights; 

evaluating said permission list according to a specific permission definition 
associated with said action group tag, said permission definition providing a correlation 
between permissible actions and members of a set of action indicators (paragraphs 67- 
75, wherein the permissions are checked against an access control list which has rights 
for the requestor, the authorized actions that can be performed on the resource, and the 
requested right; and 

granting authorization to perform actions on said requested protected system 
resource to said requesting user if said access control policy permission list includes an 
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appropriate action indicator correlated to an action group tag (paragraphs 70-75), 
wherein access is granted to perform action on the resource if all the criteria are 
satisfied in relation to the group and the authorized action. 

Claim 2 is rejected as applied above in rejecting claim 1 . Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 1 further comprising providing in an access 
control policy permission list a plurality of action group tags, each action group tag 
having one or more associated action indicators, such that resultant granting of 
authorization to act on said requested protected object is completed if the requested 
action is allowed by any of the associated action indicators of any of the action groups 
(paragraphs 70-75), wherein access is granted to perform action on the resource if all 
the criteria are satisfied in relation to the group and the authorized action. 

Claim 3 is rejected as applied above in rejecting claim 2. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 1 , wherein said requested protected system 
resource comprises a computer file sent to a local computer from a remote computer 
over a computer network (paragraph 68), wherein the requested resource can be a 
database file. 



Regarding claim 4, Trabelsi discloses: 
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A method for managing permission indicators for computer system protected 
objects comprising the steps of: 

providing a plurality of permission indicator containers in an access control list 
(paragraphs 9, 34, 37); 

associating a first set of permission indicators with a primary permission indicator 
container (paragraphs 5, 34), wherein the group identifier specifies what privileges and 
rights the requestor possesses; and 

associating one or more additional sets of permission indicators with additional 
permission indicator containers (paragraphs 34, 43-44), wherein said permission 
indicators are reused among said containers such that permission indicators may be 
categorized and grouped logically to control a number of unique permissions less than 
or equal to the product of a quantity of allowable action indicators and a quantity of 
allowable action group tags (paragraphs 43-44), wherein a group of administrators 
(paragraphs 5, 34) and the permissions can be grouped into generic groups using 
special keywords using the alphabetic characters which provide rights. 

Claim 5 is rejected as applied above in rejecting claim 4. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 4 wherein said step of providing a first set of 
permission indicators comprises providing at least one other (additional) permission 
indicator set having equivalent permission indicators to said first set such that 
permission indicators may be assigned unique permissive control according to a 
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permission indicator container with which they are associated (paragraphs 34-39), 
wherein a group identifier may specify one or more roles with each role possessing its 
own permission indicators. 

Claim 6 is rejected as applied above in rejecting claim 5. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 5 wherein said step of providing an equivalent 
set of permission indicators comprises providing the characters "a" through "z" and "A" 
through "Z" as permission indicators (paragraphs 43-44), wherein keywords and 
alphabetic characters are used to provide certain permission indicators to access 
different resources. 

Claim 7 is rejected as applied above in rejecting claim 4. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 4 further comprising associating an action group 
tag with a permission indicator container (paragraphs 8, 34-38), wherein a group 
identifier can be associated with a number of different roles and different roles. 

Claim 8 is rejected as applied above in rejecting claim 7. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 7 further comprising the step of providing an 
action group tag with an associated list of permission indicators in an access control list 
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entry (paragraphs 43-45, 67-70), wherein an group identifier is associated with different 
permission indicators which are checked when a resource is requested. 

Regarding claim 9, Trabelsi discloses: 

A computer readable medium encoded with software or extending and grouping 
actions and permissions for authorization of a requesting user to access or use a 
requested protected system resource in a computer system, said software performing 
steps comprising: 

providing an access control policy (paragraph 9) associated with said requested 
protected system resource containing a permission list of permitted identities 
(paragraphs 34, 37) and at least one action group tag with associated action indicators 
(paragraphs 37,43-44); 

reusing a finite quantity of action indicators among a plurality of action group tags 
to control a number of unique permissions less than or equal to the product of the 
quantity of allowable action indicators and a quantity of allowable action group tags 
(paragraphs 43-44), wherein a group of administrators (paragraphs 5, 34) and the 
permissions can be grouped into generic groups using special keywords using the 
alphabetic characters which provide rights; 

evaluating said permission list according to a specific permission definition 
associated with said action group tag, said permission definition providing a correlation 
between members of a set of action indicators (paragraphs 67-75, wherein the 
permissions are checked against an access control list which has rights for the 
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requestor, the authorized actions that can be performed on the resource, and the 
requested right; and 

granting authorization to perform actions on said requested protected system 
resource to said requesting user if said access control policy permission list includes an 
appropriate action indicator correlated to an action group tag (paragraphs 70-75), 
wherein access is granted to perform action on the resource if all the criteria are 
satisfied in relation to the group and the authorized action. 

Claim 10 is rejected as applied above in rejecting claim 9. Furthermore, Trabelsi 
discloses: 

The computer readable medium as set forth in claim 9 further comprising 
software for providing in an access control policy permission list a plurality of action 
group tags, each action group tag having one or more associated action indicators, 
such that resultant granting of authorization to act on said requested protected object is 
completed if the requested action is allowed by any of the associated action indicators 
of any of the action groups (paragraphs 70-75), wherein access is granted to perform 
action on the resource if all the criteria are satisfied in relation to the group and the 
authorized action. 

Claim 1 1 is rejected as applied above in rejecting claim 9. Furthermore, Trabelsi 
discloses: 
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The computer readable medium as set forth in claim 9 wherein said requested 
protected system resource comprises a computer file sent to a local computer from a 
remote computer over a computer network (paragraph 68), wherein the requested 
resource can be a database file. 

Regarding claim 12, Trabelsi discloses: 

A computer readable medium encoded with software for managing permission 
indicators for computer system protected objects, said software performing the steps of: 

providing a plurality of permission indicator containers in an access control list 
(paragraphs 9, 34, 37); 

associating a first set of permission indicators with a primary permission indicator 
container (paragraphs 5, 34), wherein the group identifier specifies what privileges and 
rights the requestor possesses; and 

associating one or more additional sets of permission indicators with additional 
permission indicator containers (paragraphs 34, 43-44), wherein said permission 
indicators are reused among said containers such that permission indicators may be 
categorized and grouped logically to control a number of unique permissions less than 
or equal to the product of a quantity of allowable action indicators and a quantity of 
allowable action group tags (paragraphs 43-44), wherein a group of administrators 
(paragraphs 5, 34) and the permissions can be grouped into generic groups using 
special keywords using the alphabetic characters which provide rights. 
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Claim 13 is rejected as applied above in rejecting claim 12. Furthermore, Trabelsi 
discloses: 

The computer readable medium as set forth in claim 12 wherein said software for 
providing a first set of permission indicators comprises software for providing permission 
indicators which are equivalent to at least one other (additional) permission indicators 
such that permission indicators may be assigned unique permissive control according to 
a permission indicator container with which they are associated (paragraphs 34-39), 
wherein a group identifier may specify one or more roles with each role possessing its 
own permission indicators. 

Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, Trabelsi 
discloses: 

The computer readable medium as set forth in claim 13 wherein said software for 
providing equivalent permission indicators comprises software for providing a set of 
permission indicators including the characters "a" through "z" and "A" through "Z" 
(paragraphs 43-44), wherein keywords and alphabetic characters are used to provide 
certain permission indicators to access different resources. 

Claim 15 is rejected as applied above in rejecting claim 12. Furthermore, Trabelsi 
discloses: 
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The computer readable medium as set forth in claim 12 further comprising 
software for associating an action group tag with a permission indicator container 
(paragraphs 8, 34-38), wherein a group identifier can be associated with a number of 
different roles and different roles. 

Claim 16 is rejected as applied above in rejecting claim 15. Furthermore, Trabelsi 
discloses: 

The computer readable medium as set forth in claim 15 further comprising 
software for providing an action group tag with an associated list of permission 
indicators in an access control list entry (paragraphs 43-45, 67-70), wherein an group 
identifier is associated with different permission indicators which are checked when a 
resource is requested. 

Regarding claim 17, Trabelsi discloses: 

An authorization system for extending and grouping actions and permissions for 
authorization of a requesting user to access or use a requested protected system 
resource in a computer system, said system comprising: 

an access control policy (paragraph 9) associated with said requested protected 
system resource, having a permission list of permitted identities (paragraphs 34, 37) 
and at least one action group tag with associated action indicators wherein a finite 
quantity of action indicators are reused among a plurality of action group tags to control 
a number of unique permissions less than or equal to the product of the quantity of 
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allowable action indicators and a quantity of allowable action group tags (paragraphs 
43-44), wherein a group of administrators (paragraphs 5, 34) and the permissions can 
be grouped into generic groups using special keywords using the alphabetic characters 
which provide rights; 

a permission list evaluator for evaluating an access control policy permission list 
according to a specific permission definition associated with said action group tag, said 
permission definition providing a correlation between members of a set of action 
indicators (paragraphs 67-75, wherein the permissions are checked against an access 
control list which has rights for the requestor, the authorized actions that can be 
performed on the resource, and the requested right; and 

an authorization grantor adapted to grant authorization to perform actions on said 
requested protected system resource to said requesting user if said access control 
policy permission list includes an appropriate action indicator correlated to an action 
group tag (paragraphs 70-75), wherein access is granted to perform action on the 
resource if all the criteria are satisfied in relation to the group and the authorized action. 

Claim 18 is rejected as applied above in rejecting claim 17. Furthermore, Trabelsi 
discloses: 

The system as set forth in claim 17 further wherein said access control policy 
permission list comprises a plurality of action group tags, each action group tag having 
one or more associated action indicators, such that resultant granting of authorization to 
act on said requested protected object is completed if the requested action is allowed by 
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any of the associated action indicators of any of the action groups (paragraphs 70-75), 
wherein access is granted to perform action on the resource if all the criteria are 
satisfied in relation to the group and the authorized action. 

Claim 19 is rejected as applied above in rejecting claim 17. Furthermore, Trabelsi 
discloses: 

The system as set forth in Claim 17 wherein the requested protected system 
resource comprises a computer file sent to a local computer from a remote computer 
over a computer network (paragraph 68), wherein the requested resource can be a 
database file. 

Regarding claim 20, Trabelsi discloses: 

A system for managing permission indicators for computer system protected 
objects comprising: 

a plurality of permission indicator containers for an access control list 
(paragraphs 34, 37); 

a first set of permission indicators associated with a primary permission indicator 
container (paragraphs 37,43-44); and 

one or more additional sets of permission indicators (paragraphs 34-39), 
associated with additional permission indicator containers, wherein such permission 
indicators are reused among said containers such that permission indicators are 
categorized and grouped logically to control a number of unique permissions less than 
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or equal to the product of a quantity of allowable action indicators and a quantity of 
allowable action group tags (paragraphs 43-44), wherein a group of administrators 
(paragraphs 5, 34) and the permissions can be grouped into generic groups using 
special keywords using the alphabetic characters which provide rights. 

Claim 21 is rejected as applied above in rejecting claim 20. Furthermore, Trabelsi 
discloses: 

The system as set forth in claim 20 wherein said a first set of permission 
indicators and at least one other (additional) permission indicator set are equivalent 
permission indicators such that permission indicators are assigned unique permissive 
control according to the permission indicator container with which they are associated 
(paragraphs 34-39), wherein a group identifier may specify one or more roles with each 
role possessing its own permission indicators. 

Claim 22 is rejected as applied above in rejecting claim 21. Furthermore, Trabelsi 
discloses: 

The system as set forth in claim 21 wherein said equivalent set of permission 
indicators comprises the characters "a" through "z" and "A" through "Z" (paragraphs 43- 
44), wherein keywords and alphabetic characters are used to provide certain permission 
indicators to access different resources. 
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Claim 23 is rejected as applied above in rejecting claim 20. Furthermore, Trabelsi 
discloses: 

The system as set forth in claim 20 further comprising an action group tag 
associated with a permission indicator container (paragraphs 8, 34-38), wherein a group 
identifier can be associated with a number of different roles and different roles. 

Claim 24 is rejected as applied above in rejecting claim 23. Furthermore, Trabelsi 
discloses: 

The system as set forth in claim 23 further comprising an action group tag 
associated with a list of permission indicators in an access control list entry (paragraphs 
43-45, 67-70), wherein an group identifier is associated with different permission 
indicators which are checked when a resource is requested. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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